Cisco Cisco FirePOWER Appliance 8250
27-17
FireSIGHT System User Guide
Chapter 27 Using the FireSIGHT System as a Compliance Tool
Creating Compliance White Lists
The client is added. Note that if you added a built-in client, its name appears in italics. You can skip
the rest of the procedure, or optionally, to change any of the client’s values (such as its version),
click the client you just added to display the client editor.
the rest of the procedure, or optionally, to change any of the client’s values (such as its version),
click the client you just added to display the client editor.
•
To add a new client, select
<New Client>
and click
OK
.
The client editor appears.
Step 3
From the
Client
drop-down list, select the client.
Step 4
Optionally, in the
Version
field, specify a version for the client.
If you do not specify a version, the white list allows all versions as long as the name matches. Note that
if you restrict the version, you must specify it exactly as it would appear in a table view of clients.
if you restrict the version, you must specify it exactly as it would appear in a table view of clients.
Step 5
Click
OK
.
The client is added. Note that you must save the white list for your changes to take effect.
If you added a client to a white list that is used by an active correlation policy, after you save the white
list, the target hosts are re-evaluated. Although this re-evaluation may bring some hosts into compliance,
it does not generate any white list events.
list, the target hosts are re-evaluated. Although this re-evaluation may bring some hosts into compliance,
it does not generate any white list events.
Adding a Web Application to a Host Profile
License:
FireSIGHT
You can configure a compliance white list, using either a shared host profile or a host profile that belongs
to a single white list, to allow certain web applications to run on specific operating systems. You can also
configure a white list to allow certain web applications to run on any valid target; these are called
globally allowed web applications.
to a single white list, to allow certain web applications to run on specific operating systems. You can also
configure a white list to allow certain web applications to run on any valid target; these are called
globally allowed web applications.
To add a web application to a compliance white list host profile:
Access:
Admin
Step 1
While you are creating or modifying a white list host profile, click the add icon (
) next to
Allowed Web
Applications
(or next to
Globally Allowed Web Applications
if you are modifying the Any Operating System
host profile).
A pop-up window appears, listing all web applications detected by the system.
Step 2
Select a web application and click
OK
. Use Ctrl or Shift while clicking to select multiple web
applications. You can also click and drag to select multiple adjacent web applications.
The web application is added. Note that you must save the white list for your changes to take effect.
If you added a web application to a white list that is used by an active correlation policy, after you save
the white list, the target hosts are re-evaluated. Although this re-evaluation may bring some hosts into
compliance, it does not generate any white list events.
the white list, the target hosts are re-evaluated. Although this re-evaluation may bring some hosts into
compliance, it does not generate any white list events.
Adding a Protocol to a Host Profile
License:
FireSIGHT